github-trending-spider
Pass
Audited by Gen Agent Trust Hub on Jun 17, 2026
Risk Level: SAFECREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill manages a local checkout from a public GitHub repository (github.com/wenbochang888/github-trending-spider). It references scripts and instructions that perform third-party package installations via
pip install -r requirements.txtandnpm install. - [CREDENTIALS_UNSAFE]: The application logic interacts with sensitive environment variables, specifically
GITHUB_TOKEN,SMTP_USER, andSMTP_PASSWORD. Although the skill contains explicit 'Response Rules' to prevent the agent from printing these secrets, the underlying application is designed to access and use them. - [COMMAND_EXECUTION]: The skill provides instructions for executing shell scripts (e.g.,
bash scripts/start_backend.sh) and starting web services usinguvicorn. It notes that the application may bind to0.0.0.0and attempts to write logs to a system path (/root/logs/) by default, though it recommends user overrides to/tmp. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and summarizes untrusted data from multiple external sources such as Hacker News, V2EX, and GitHub Trending.
- Ingestion points: Untrusted content is fetched through modules like
hacker_news.py,tldr_ai.py, andofficial_ai_sources.py. - Boundary markers: The instructions do not specify the use of delimiters or guardrails to prevent embedded instructions in the news content from influencing the agent's behavior.
- Capability inventory: The skill possesses the ability to execute shell commands, perform network requests, and send emails via SMTP.
- Sanitization: No explicit sanitization or filtering of the fetched text is described before it is processed for summarization.
Audit Metadata